<?php
/** php quran acp **/

	// security ..
	define ('PATH' , '../');
	define ('IN_INDEX' , true);
	define ('IN_ADMIN' , true);

	//include imprtant file ..
	require_once (PATH . 'includes/common.php');
	require_once (PATH . 'includes/admin_functions.php');
	
	$result = $SQL->build(array(
	'SELECT'	=> '*',
	'FROM'		=> "{$dbprefix}admins", 
	));
	
	$firewall = array(); //start our firewall
	while($row = $SQL->fetch_array($result))
	{
		$firewall[$row['id']]['username']		= $row['username'];
		$firewall[$row['id']]['userpassword']	= $row['userpassword'];
		$firewall[$row['id']]['usersalt']		= $row['usersalt'];
	}
	
	$SQL->freeresult($result);
	
	if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) 
	{ 
		authenticate(); 
	} 
	else 
	{ 
		$auth = false;
		
		foreach($firewall as $key => $value)
		{ 
			if($_SERVER['PHP_AUTH_USER'] == $value['username'] && sha1($_SERVER['PHP_AUTH_PW'] . $value['usersalt']) == $value['userpassword'])
			{
				$auth = true;
			}
		}
		 
		if($auth == false)
		{
			authenticate();
		} 
	}  

		
	if(!isset($_GET['go']))
	{
		$_GET['go'] = null;	
	}
		
	switch($_GET['go'])
	{
		case 'settings':
					
			$result = $SQL->build(array(
			'SELECT'	=> '*',
			'FROM'		=> "{$dbprefix}config", 
			));
			
			while($row = $SQL->fetch_array($result))
			{
				//make new lovely array !!
				$con[$row['name']] = $SQL->escape($row['value']);
				//when submit
				if (isset($_POST['submit']))
				{
					//-->
					$new[$row['name']] = (isset($_POST[$row['name']])) ? $_POST[$row['name']] : $con[$row['name']];

					$update_query	= array(
										'UPDATE'	=> "{$dbprefix}config",
										'SET'		=> "value='" . $SQL->escape($new[$row['name']]) . "'",
										'WHERE'		=> "name='" . $row['name'] . "'"
									);
					$SQL->build($update_query);
					
						//redirect('',false,false);
					
				}
			}
			
			$SQL->freeresult($result);
			
			if (isset($_POST['submit']))
			{
				redirect('index.php?go=settings',true,true);
			}
			else
			{
			
				aheader('الاعدادات');
	
			
				echo '<form method="POST" action="index.php?go=settings">';
				echo 'اسم الموقع : <input name="sitename" value="'. $con['sitename'] .'" type="text" /><br />
			عنوان الموقع : <input name="siteurl" value="'. $con['siteurl'] .'" type="text" /><br />
			بريد الموقع : <input name="sitemail" value="'. $con['sitemail'] .'" type="text" /><br />
			اغلاق الموقع : نعم<input name="siteclose" type="radio" value="1" ' . (($con['siteclose'] == 1) ? 'checked="checked"' : '') . ' />لا<input name="siteclose" value="0" '  . (($con['siteclose'] == 0) ? 'checked="checked"' : '') . ' type="radio" /><br />
			رسالة اغلاق الموقع : <input name="siteclosemsg" value="'. $con['siteclosemsg'] .'" type="text" /><br />
			اظهار المتواجدين الان: نعم<input name="allow_online" type="radio" value="1" ' . (($con['allow_online'] == 1) ? 'checked="checked"' : '') . ' />لا<input name="allow_online" value="0" '  . (($con['allow_online'] == 0) ? 'checked="checked"' : '') . ' type="radio" /><br />
			اسم القارىء بالبداية : <input name="fn" value="'. $con['fn'] .'" type="text" /><br />
			رقم ايدي القارىء بالبداية : <input name="fr" value="'. $con['fr'] .'" type="text" /><br />';
				echo '<input name="submit" type="submit" value="حفظ" /></form>';
				afooter();
			}
		break;
		
		case 'r':
			if(isset($_GET['delete']) && !empty($_GET['delete']))
			{
				$id = intval($_GET['delete']);
				if($SQL->build(array(
									'DELETE'	=> "{$dbprefix}reciter",
									'WHERE'	=> "reciter_id = '" . $id . "'",
				)))
				{
					redirect('index.php?go=r',true,true);						
				}
				else
				{
					aerror('خطأ اثناء الحذف');
					$SQL->close();
					exit;
				}
					
			}
			else if (isset($_POST['submit']))
			{
				$name 		= $SQL->escape($_POST['reciter_name']);
				$name_en 	= $SQL->escape($_POST['reciter_en']);
				if($SQL->build(array(
									'INSERT'	=> '`reciter_name` ,`reciter_en`',
									'INTO'		=> "`{$dbprefix}reciter`",
									'VALUES'	=> "'$name', '$name_en'"
				)))
				{
					redirect('index.php?go=r',true,true);						
				}
				else
				{
					aerror('خطأ');
					$SQL->close();
					exit;
				}
			}
			else
			{
				aheader('القراء');
				
				echo "<ul>";
				$result = $SQL->build(array(
				'SELECT'	=> '*',
				'FROM'		=> "{$dbprefix}reciter", 
				));
				while($row = $SQL->fetch_array($result))
				{
					echo '<li> [ ID = ' . $row['reciter_id'] . ' ]' . $row['reciter_name'] . ' - <a href="index.php?go=r&delete=' . $row['reciter_id'] . '">حذف</a></li>';
				}
				echo "</ul><hr />";
				$SQL->freeresult($result);	
				echo "<h1>اضف قارىء جديد </h1>";
				echo '<form method="POST" action="index.php?go=r">';
					echo 'اسم القارىء: <input name="reciter_name" value="" type="text" /><br />
				اسم القارىء بالانجليزي : <input name="reciter_en" value="" type="text" /><br />';
					echo '<input name="submit" type="submit" value="حفظ" /></form>';
				//echo '';
				afooter();
			}
		break;
		
		case 'telawat':
		if(isset($_GET['delete']) && !empty($_GET['delete']))
			{
				$id = intval($_GET['delete']);
				if($SQL->build(array(
									'DELETE'	=> "{$dbprefix}telawat",
									'WHERE'	=> "telawa_id = '" . $id . "'",
				)))
				{
					redirect('index.php?go=telawat',true,true);						
				}
				else
				{
					aerror('خطأ اثناء الحذف');
					$SQL->close();
					exit;
				}
					
			}
			else if (isset($_POST['submit']))
			{
				$filename2	= @explode(".", $_FILES['file']['name']);
				$filename2	= strtolower($filename2[sizeof($filename2)-1]);
				$typet		= $filename2;
				$sizet		= !empty($_FILES['file']['size']) ?  $_FILES['file']['size'] : null;
				$zaid 		= time();
				$filename2 	= $zaid . "." . $filename2;
				
				$file = false;
				if(empty($_FILES['file']['tmp_name']))
				{
					aerror('خطأ');
				}
				elseif(preg_match ("#[\\\/\:\*\?\<\>\|\"]#", $filename2))
				{
					aerror('خطأ');
				}
				elseif(!in_array(strtolower($typet), array('mp3')))
				{
					aerror('خطأ');
				}
				else
				{
					$file = move_uploaded_file($_FILES['file']['tmp_name'], '../files/quran/' . $filename2);
				}
				
				if($file)
				{
					$name 		= $SQL->escape($_POST['telawa_title']);
					$name_en 	= intval($_POST['reciter_id']);
					if($SQL->build(array(
									'INSERT'	=> '`telawa_title` ,`reciter_id`, `telawa_path`',
									'INTO'		=> "`{$dbprefix}telawat`",
									'VALUES'	=> "'$name', '$name_en', '/files/quran/$filename2'"
					)))
					{
						redirect('index.php?go=telawat',true,true);						
					}
					else
					{
						aerror('خطا اثناء اضافة تلاوة جديدة');
						$SQL->close();
						exit;
					}
				}
				else
				{
					aerror('خطأ');
				}
			}
			else
			{
				aheader('التلاوات');
				
				echo "<ul>";
				$query = array(
				'SELECT'	=> '*',
				'FROM'		=> "{$dbprefix}telawat t",

				);
				
				$query['JOINS']	=	array(
								array(
									'LEFT JOIN'	=> "{$dbprefix}reciter r",
									'ON'		=> 'r.reciter_id=t.reciter_id'
								)
							);
							
							
				$result = $SQL->build($query);

				while($row = $SQL->fetch_array($result))
				{
					echo '<li> [ ' . $row['telawa_title'] . ' ]' . $row['reciter_name'] . ' - <a href="index.php?go=telawat&delete=' . $row['telawa_id'] . '">حذف</a></li>';
				}
				echo "</ul><hr />";
				$SQL->freeresult($result);	
				echo "<h1>اضف تلاوة جديده </h1>";
				echo '<form method="post" enctype="multipart/form-data" action="index.php?go=telawat">';
					echo 'التلاوة: <input name="telawa_title" value="" type="text" /><br />
					<input type="file" name="file"  size="35" /><br />

				<select name="reciter_id" tabindex="3">
				';
				$result = $SQL->build(array(
				'SELECT'	=> '*',
				'FROM'		=> "{$dbprefix}reciter", 
				));
				while($row = $SQL->fetch_array($result))
				{
					echo '<option value="' . $row['reciter_id'] . '">' . $row['reciter_name'] . '</option>';
				}
				echo '</select><br />';
				$SQL->freeresult($result);	
					echo '<input name="submit" type="submit" value="حفظ" /></form>';
				//echo '';
				afooter();
			}
		break;
		
		case 'admins':

			if(isset($_GET['delete']) && !empty($_GET['delete']))
			{
				$id = intval($_GET['delete']);
				if($SQL->build(array(
									'DELETE'	=> "{$dbprefix}admins",
									'WHERE'	=> "id = '" . $id . "'",
				)))
				{
					redirect('index.php?go=admins',true,true);						
				}
				else
				{
					aerror('خطأ اثناء الحذف');
					$SQL->close();
					exit;
				}
					
			}
			else if (isset($_POST['submit']))
			{
				$name 		= $SQL->escape($_POST['username']);
				$name_en 	= $SQL->escape($_POST['userpassword']);
				$salt		= (string) substr(base64_encode(pack("H*", sha1(mt_rand()))), 0, 7);
				$name_pass	= sha1($name_en . $salt);
				if($SQL->build(array(
									'INSERT'	=> '`username` ,`userpassword` ,`usersalt`',
									'INTO'		=> "`{$dbprefix}admins`",
									'VALUES'	=> "'$name', '$name_pass', '$salt'"
				)))
				{
					redirect('index.php?go=admins',true,true);						
				}
				else
				{
					aerror('خطأ');
					$SQL->close();
					exit;
				}
			}
			else
			{
				aheader('المدراء');
				
				echo "<ul>";
				$result = $SQL->build(array(
				'SELECT'	=> '*',
				'FROM'		=> "{$dbprefix}admins", 
				));
				while($row = $SQL->fetch_array($result))
				{
					echo '<li>' . $row['username'] . ' - <a href="index.php?go=admins&delete=' . $row['id'] . '">حذف</a></li>';
				}
				echo "</ul><hr />";
				$SQL->freeresult($result);	
				echo "<h1>اضف مدير جديد </h1>";
				echo '<form method="POST" action="index.php?go=admins">';
					echo 'حساب المدير الجديد: <input name="username" value="" type="text" /><br />
				كلمة المرور : <input name="userpassword" value="" type="password" /><br />';
					echo '<input name="submit" type="submit" value="حفظ" /></form>';
				//echo '';
				afooter();
			}
		break;
		
		default:
			aheader('البداية');
			echo '';
			afooter();
		break;
	}